[ossec-list] Re: can ossec 2.8 run on CentOS 7.x ?

2016-11-04 Thread Jesus Linares
Yes, it works. Just try it. On Thursday, November 3, 2016 at 10:46:57 PM UTC+1, Rajanikanthrao Bolla wrote: > > Hi, > Will ossec 2.8 (server type install) run on CentOS 7.x? > > Has anyone tested it or had experience using it? > > Please share. > > Thanks, > Raj.

Re: [ossec-list] Re: Ossec RPM installation - Local/Standalone mode

2016-11-04 Thread Vibin K Madampath
Hello Chris, Sorry. Unfortunately, I didn't explore much on this and moved ahead with the client/server model. On 3 November 2016 at 23:53, Christian Bourque wrote: > Hello Vibin, > > Did you ever find an answer to this problem? Because I'm facing the exact > same

Re: [ossec-list] ossec-authd TLS1.2 only

2016-11-04 Thread Victor Fernandez
Hi, OSSEC v2.8.3 uses the method SSLv23, which is version-flexible and negotiates the highest protocol mutually supported by the manager and the agent, preferably TLS v1.2. The new OSSEC v2.9 will use the method TLSv12, which forces the TLS v1.2 protocol to be established and rejects the connection

Re: [ossec-list] OSSEC Signature Update Frequency

2016-11-04 Thread Jesus Linares
Hi Matthew, I just remembered that the script only works with the new release of Wazuh. Anyway, you can do it manually: 1. Back up your current installation 2. Copy ossec-rules/decoders/ to /var/ossec/etc/decoders 3. Copy ossec-rules/rules/ to /var/ossec/rules. 4. Copy

Re: [ossec-list] Filter Windows Event at client

2016-11-04 Thread Jesus Linares
Hi Fredrik, according to the documentation you can use the Microsoft event schema. If you want to add multiple event IDs: Security eventchannel Event/System[EventID=5140 and EventID=5144] Also, I think

Re: [ossec-list] OSSEC Signature Update Frequency

2016-11-04 Thread Jesus Linares
Hi Matthew, Wazuh has a repository for decoders, rules, rootchecks, etc. Almost all decoders/rules should work in every OSSEC version, except some of them that use new features. I recommend that you create a backup of OSSEC, then update the rules using the

Re: [ossec-list] getting error: ossec-remoted(1213): WARN: Message from 10.8.6.20 not allowed.

2016-11-04 Thread dan (ddp)
On Fri, Nov 4, 2016 at 10:09 AM, Stephen LuShing wrote: > So Dan I assume that I will need to reinstall the agent with the any or the > 10.8.6.0/24 entry. I guess it will be for another server also with the same > issue on the same subnet. > You shouldn't have to. You might

[ossec-list] getting error: ossec-remoted(1213): WARN: Message from 10.8.6.20 not allowed.

2016-11-04 Thread Stephen LuShing
I was able to install an ossec agent to a Solaris 10 server and everything seems to be working. The only issue is I am getting this error and I think it is because the network interface has a primary and 2 virtual network interfaces. Here is the network settings: sovcbanat1# ifconfig -a lo0:

Re: [ossec-list] Re: Ossec RPM installation - Local/Standalone mode

2016-11-04 Thread Darin Perusich
Christian, As I mentioned in my comment in the ossec-hids package, that package was only built for client/server operations, not a local only installation. If you're feeling so inclined, you can branch the OBS package and update it to additionally build and provide a -local package. I've never

Re: [ossec-list] getting error: ossec-remoted(1213): WARN: Message from 10.8.6.20 not allowed.

2016-11-04 Thread dan (ddp)
On Fri, Nov 4, 2016 at 8:43 AM, Stephen LuShing wrote: > I was able to install an ossec agent to a Solaris 10 server and everything > seems to be working. The only issue is I am getting this error and I think > it is because the network interface has a primary and 2 virtual

Re: [ossec-list] OSSEC Signature Update Frequency

2016-11-04 Thread dan (ddp)
On Fri, Nov 4, 2016 at 6:25 AM, Jesus Linares wrote: > Hi Matthew, > > Of course, you can do the "same" procedure from OSSEC-HIDS but Wazuh is > making a great effort to centralize, test and maintain decoders and rules > submitted by Open Source contributors and create new ones. >

Re: [ossec-list] Re: Ossec RPM installation - Local/Standalone mode

2016-11-04 Thread Christian Bourque
Thanks a lot for your feedback guys! On Fri, Nov 4, 2016 at 9:01 AM, Darin Perusich wrote: > Christian, > > As I mentioned in my comment in the ossec-hids package, that package > was only built for client/server operations, not a local only > installation. If you're feeling